Техническая информация
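- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = 'TASKMAN.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = 'TASKMAN.EXE'
  Примечание: параметр 'Debugger' в ветке Image File Execution Options заставляет Windows при запуске указанного файла (здесь egui.exe и ekrn.exe — компоненты ESET) запускать вместо него заданную в параметре программу. Поэтому при анализе системы такие значения для процессов защитного ПО следует проверять и удалять.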
- C:\RECYCLER\1003.exe
- <SYSTEM32>\cmd.exe /c c:\Recycler\1003.bat
- <SYSTEM32>\cmd.exe /c C:\kkk.bat
- <SYSTEM32>\taskkill.exe /im egui.exe /f
- <SYSTEM32>\sc.exe config ekrn start = disabled
- <SYSTEM32>\taskkill.exe /im ekrn.exe /f
- C:\kkk.bat
- C:\RECYCLER\1003.exe
- %TEMP%\wybho.exe
- C:\RECYCLER\1001.dat
- C:\RECYCLER\1002.dat
- C:\RECYCLER\1003.bat
- C:\RECYCLER\1002.dat
- C:\RECYCLER\1001.dat
- ClassName: '' WindowName: ''